Posted to commits@commons.apache.org by gg...@apache.org on 2022/11/15 16:11:29 UTC

[commons-bcel] branch master updated: org.apache.bcel.classfile.Attribute constructors now throw ClassFormatException on invalid name index input.

This is an automated email from the ASF dual-hosted git repository.

ggregory pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-bcel.git


The following commit(s) were added to refs/heads/master by this push:
     new e6e52645 org.apache.bcel.classfile.Attribute constructors now throw ClassFormatException on invalid name index input.
e6e52645 is described below

commit e6e52645598401e244e2f74882545df9c10da489
Author: Gary David Gregory (Code signing key) <gg...@apache.org>
AuthorDate: Tue Nov 15 11:11:25 2022 -0500

    org.apache.bcel.classfile.Attribute constructors now throw
    ClassFormatException on invalid name index input.
---
 src/changes/changes.xml                            |  1 +
 .../java/org/apache/bcel/classfile/Attribute.java  |  3 ++-
 src/main/java/org/apache/bcel/util/Args.java       | 27 ++++++++++++++++++----
 3 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 3e2a7f23..f0b8a76b 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -74,6 +74,7 @@ The <action> type attribute can be add,update,fix,remove.
       <action                  type="fix" dev="markt" due-to="OSS-Fuzz">When parsing an invalid class, ensure ClassParser.parse() throws ClassFormatException, not IllegalArgumentException.</action>
       <action                  type="fix" dev="markt" due-to="OSS-Fuzz">Ensure Code attributes with invalid sizes trigger a ClassFormatException.</action>
       <action                  type="fix" dev="ggregory" due-to="Gary Gregory">org.apache.bcel.classfile.Deprecated constructors now throw ClassFormatException on invalid length input.</action>
+      <action                  type="fix" dev="ggregory" due-to="Gary Gregory">org.apache.bcel.classfile.Attribute constructors now throw ClassFormatException on invalid name index input.</action>
       <!-- UPDATE -->
       <action                  type="update" dev="ggregory" due-to="Gary Gregory">Bump spotbugs-maven-plugin from 4.7.2.2 to 4.7.3.0 #167.</action>
     </release>
diff --git a/src/main/java/org/apache/bcel/classfile/Attribute.java b/src/main/java/org/apache/bcel/classfile/Attribute.java
index ff2b92b4..d4a66312 100644
--- a/src/main/java/org/apache/bcel/classfile/Attribute.java
+++ b/src/main/java/org/apache/bcel/classfile/Attribute.java
@@ -24,6 +24,7 @@ import java.util.HashMap;
 import java.util.Map;
 
 import org.apache.bcel.Const;
+import org.apache.bcel.util.Args;
 
 /**
  * Abstract super class for <em>Attribute</em> objects. Currently the <em>ConstantValue</em>, <em>SourceFile</em>,
@@ -239,7 +240,7 @@ public abstract class Attribute implements Cloneable, Node {
 
     protected Attribute(final byte tag, final int nameIndex, final int length, final ConstantPool constantPool) {
         this.tag = tag;
-        this.name_index = nameIndex;
+        this.name_index = Args.requireU2(nameIndex, 0, constantPool.getLength(), "Invalid name index");
         this.length = length;
         this.constant_pool = constantPool;
     }
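Review bot: The upper bound handed to `Args.requireU2` in this constructor is inclusive, because the helper rejects only `value > max`, so a `nameIndex` equal to `constantPool.getLength()` is accepted. If `getLength()` is the number of pool slots, as the name suggests, that index is one past the last entry, and a malformed class file still gets through to a later lookup. The bound should be `this.name_index = Args.requireU2(nameIndex, 0, constantPool.getLength() - 1, "Invalid name index");`. The constructor also now dereferences `constantPool` before storing it, so a caller that passes `null` gets a NullPointerException rather than a ClassFormatException; whether any subclass does so is not visible in this hunk.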
diff --git a/src/main/java/org/apache/bcel/util/Args.java b/src/main/java/org/apache/bcel/util/Args.java
index e6d49dc3..7b85e885 100644
--- a/src/main/java/org/apache/bcel/util/Args.java
+++ b/src/main/java/org/apache/bcel/util/Args.java
@@ -42,20 +42,39 @@ public class Args {
     }
 
     /**
-     * Requires a u2 value of at least {@code min}.
+     * Requires a u2 value of at least {@code min} and not above {@code max}.
      *
      * @param value   The value to test.
-     * @param min     The minimum required value.
+     * @param min     The minimum required u2 value.
+     * @param max     The maximum required u2 value.
      * @param message The message prefix
      * @return The value to test.
      */
-    public static int requireU2(final int value, final int min, final String message) {
-        if (value < min || value > Const.MAX_SHORT) {
+    public static int requireU2(final int value, final int min, final int max, final String message) {
+        if (max > Const.MAX_SHORT) {
+            throw new IllegalArgumentException(String.format("Programming error: %,d > %,d", max, Const.MAX_SHORT));
+        }
+        if (min < 0) {
+            throw new IllegalArgumentException(String.format("Programming error: %,d < 0", min));
+        }
+        if (value < min || value > max) {
             throw new ClassFormatException(String.format("%s [Value out of range (%,d - %,d) for type u2: %,d]", message, min, Const.MAX_SHORT, value));
         }
         return value;
     }
 
+    /**
+     * Requires a u2 value of at least {@code min}.
+     *
+     * @param value   The value to test.
+     * @param min     The minimum required value.
+     * @param message The message prefix
+     * @return The value to test.
+     */
+    public static int requireU2(final int value, final int min, final String message) {
+        return requireU2(value, 0, Const.MAX_SHORT, message);
+    }
+
     /**
      * Requires a u2 value.
      *
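Review bot: The re-added three-argument `requireU2` overload ignores its `min` parameter, since it calls `requireU2(value, 0, Const.MAX_SHORT, message)`. Callers that pass a non-zero minimum therefore no longer get a ClassFormatException for values below it, which weakens validation of parsed class-file input. It should forward the argument: `return requireU2(value, min, Const.MAX_SHORT, message);`. In the four-argument version the exception text still prints `Const.MAX_SHORT` as the upper limit, so passing `max` to `String.format` there would make the reported range match the check. Both Javadoc blocks would benefit from `@throws ClassFormatException if the value is out of range`, and the new one from `@throws IllegalArgumentException if min or max is not a valid u2 bound`.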